Skip to main content
Govern · Policy Studio
Author policy. Enforce it on-device.
Write rules in a typed DSL, replay them against past sessions before you ship, then enforce on every machine — locally, at the agent loop, with zero round-trips.
Typedpolicies
Replaybefore you enforce
On-deviceenforcement, no proxy
6control surfaces
14tools supported
8.5MBon-device agent
policy that holds
Replay before you enforce
Typed DSL
A structured rule language with type-checking — author policy that can't silently go wrong.
Replay sessions
Test a rule against 90 days of real sessions before it goes live. Ship policy you trust.
Policy packs
Bundle rules into shareable packs your whole org can adopt in a single click.
On-device enforcement
Policy runs where the agent runs
No round-trip to a server to decide if a call is allowed. Rules evaluate in milliseconds, locally, with the same typed DSL your whole team authors from the dashboard.
See compliance →policy.forg · example
# block writes outside repo
deny tool.fs.write
when path not_in repo
# require verified servers
deny mcp.call
when server.trust < "verified"
# scrub secrets before send
scrub request.body
pattern secrets.*3 rules · replayed · ready to deploy